Skip to main content
CVE-2021-22931 CRITICAL POC PATCH THREAT Act Now

Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS RCE Node.js Node Js Active Iq Unified Manager +8
NVD
CVSS 3.1
9.8
EPSS
22.0%
CVE-2021-38754 CRITICAL POC Act Now

SQL Injection vulnerability in Hospital Management System due to lack of input validation in messearch.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Hospital Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-38753 CRITICAL POC Act Now

An unrestricted file upload on Simple Image Gallery Web App can be exploited to upload a web shell and executed to gain unauthorized access to the server hosting the web app. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Authentication Bypass Simple Image Gallery Web App
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-35395 CRITICAL POC KEV PATCH THREAT Act Now

Realtek Jungle SDK version v2.x up to v3.4.14B provides an HTTP web server exposing a management interface that can be used to configure the access point. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow RCE Command Injection Rtl819X Jungle Software Development Kit
NVD
CVSS 3.1
9.8
EPSS
98.1%
CVE-2021-35394 CRITICAL POC KEV PATCH THREAT Act Now

Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic tool called 'MP Daemon' that is usually compiled as 'UDPServer' binary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Command Injection Rtl819X Jungle Software Development Kit
NVD
CVSS 3.1
9.8
EPSS
99.9%
CVE-2021-35393 CRITICAL POC PATCH THREAT Act Now

Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple Config' server that implements both UPnP and SSDP protocols. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow RCE Memory Corruption Rtl819X Jungle Software Development Kit
NVD
CVSS 3.1
9.8
EPSS
70.3%
CVE-2021-24527 CRITICAL POC Act Now

The User Registration & User Profile - Profile Builder WordPress plugin before 3.4.9 has a bug allowing any user to reset the password of the admin of the blog, and gain unauthorised access, due to a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Profile Builder
NVD WPScan
CVSS 3.1
9.8
EPSS
7.7%
CVE-2021-32827 CRITICAL POC PATCH Act Now

MockServer is open source software which enables easy mocking of any system you integrate with via HTTP or HTTPS. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Mockserver Communications Cloud Native Core Policy
NVD GitHub
CVSS 3.1
9.6
EPSS
2.2%
CVE-2021-32825 CRITICAL POC PATCH Act Now

bblfshd is an open source self-hosted server for source code parsing. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Bblfshd
NVD GitHub
CVSS 3.1
9.1
EPSS
0.9%
CVE-2021-21861 HIGH POC This Week

An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Gpac Debian Linux
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-21860 HIGH POC This Week

An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Gpac Debian Linux
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-21859 HIGH POC This Week

An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gpac Debian Linux
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-32826 HIGH POC This Week

Proxyee-Down is open source proxy software. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Command Injection Proxyee Down
NVD GitHub
CVSS 3.1
8.1
EPSS
1.1%
CVE-2021-38758 HIGH POC This Week

Directory traversal vulnerability in Online Catering Reservation System 1.0 exists due to lack of validation in index.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Online Catering Reservation System
NVD GitHub
CVSS 3.1
7.5
EPSS
2.3%
CVE-2021-35392 HIGH POC PATCH THREAT This Week

Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple Config' server that implements both UPnP and SSDP protocols. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Rtl819X Jungle Software Development Kit
NVD
CVSS 3.1
7.5
EPSS
83.2%
CVE-2021-33193 HIGH POC PATCH THREAT This Week

A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning.4.17 to 2.4.48. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Apache Authentication Bypass Debian Linux Http Server Fedora +3
NVD GitHub
CVSS 3.1
7.5
EPSS
46.2%
CVE-2021-23423 HIGH POC PATCH This Week

This affects the package bikeshed before 3.0.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Bikeshed
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-38712 HIGH POC This Week

OneNav 0.9.12 allows Information Disclosure of the onenav.db3 contents. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Nginx Information Disclosure Onenav
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-38315 MEDIUM POC This Month

The SP Project & Document Manager WordPress plugin is vulnerable to attribute-based Reflected Cross-Site Scripting via the from and to parameters in the ~/functions.php file which allows attackers to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Sp Project Document Manager
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-34667 MEDIUM POC This Month

The Calendar_plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of `$_SERVER['PHP_SELF']` in the ~/calendar.php file which allows attackers to inject arbitrary web. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Calendar Plugin
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-34666 MEDIUM POC This Month

The Add Sidebar WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the add parameter in the ~/wp_sidebarMenu.php file which allows attackers to inject arbitrary web scripts, in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Add Sidebar
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-34665 MEDIUM POC This Month

The WP SEO Tags WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the saq_txt_the_filter parameter in the ~/wp-seo-tags.php file which allows attackers to inject arbitrary web. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Wp Seo Tags
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-34664 MEDIUM POC This Month

The Moova for WooCommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the lat parameter in the ~/Checkout/Checkout.php file which allows attackers to inject arbitrary web. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Moova For Woocommerce
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-34663 MEDIUM POC This Month

The jQuery Tagline Rotator WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/jquery-tagline-rotator.php file which allows attackers to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Jquery Tagline Rotator
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-34659 MEDIUM POC This Month

The Plugmatter Pricing Table Lite WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the `email` parameter in the ~/license.php file which allows attackers to inject arbitrary web. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Plugmatter Pricing Table
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-34658 MEDIUM POC This Month

The Simple Popup Newsletter WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/simple-popup-newsletter.php file which allows attackers to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Simple Popup Newsletter
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-34657 MEDIUM POC This Month

The 2TypoFR WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the text function found in the ~/vendor/Org_Heigl/Hyphenator/index.php file which allows attackers to inject arbitrary. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Typofr
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-34656 MEDIUM POC This Month

The 2Way VideoCalls and Random Chat - HTML5 Webcam Videochat WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the `vws_notice` function found in the ~/inc/requirements.php file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP 2Way Videocalls And Random Chat
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-34655 MEDIUM POC This Month

The WP Songbook WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the url parameter found in the ~/inc/class.ajax.php file which allows attackers to inject arbitrary web scripts,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Wp Songbook
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-34654 MEDIUM POC This Month

The Custom Post Type Relations WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the cptr[name] parameter found in the ~/pages/admin-page.php file which allows attackers to inject. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Custom Post Type Relations
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-34653 MEDIUM POC This Month

The WP Fountain WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/wp-fountain.php file which allows attackers to inject arbitrary web. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Wp Fountain
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-34652 MEDIUM POC This Month

The Media Usage WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the id parameter in the ~/mmu_admin.php file which allows attackers to inject arbitrary web scripts, in versions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Media Usage
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-34651 MEDIUM POC This Month

The Scribble Maps WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the map parameter in the ~/includes/admin.php file which allows attackers to inject arbitrary web scripts, in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Scribble Maps
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-34649 MEDIUM POC This Month

The Simple Behance Portfolio WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the `dark` parameter in the ~/titan-framework/iframe-font-preview.php file which allows attackers to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Simple Behace Portfolio
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-34644 MEDIUM POC This Month

The Multiplayer Games WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/multiplayergames.php file which allows attackers to inject. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Multiplayer Plugin
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-34643 MEDIUM POC This Month

The Skaut bazar WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/skaut-bazar.php file which allows attackers to inject arbitrary web. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Skaut Bazar
NVD
CVSS 3.1
6.1
EPSS
2.4%
CVE-2021-34642 MEDIUM POC This Month

The Smart Email Alerts WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the api_key in the ~/views/settings.php file which allows attackers to inject arbitrary web scripts, in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Smart Email Alerts
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-38757 MEDIUM POC This Month

Persistent cross-site scripting (XSS) in Hospital Management System targeted towards web admin through contact.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Hospital Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-38756 MEDIUM POC This Month

Persistent cross-site scripting (XSS) in Hospital Management System targeted towards web admin through prescribe.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Hospital Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-24536 MEDIUM POC This Month

The Custom Login Redirect WordPress plugin through 1.0.0 does not have CSRF check in place when saving its settings, and do not sanitise or escape user input before outputting them back in the page,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress XSS Custom Login Redirect
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2021-24535 MEDIUM POC This Month

The Light Messages WordPress plugin through 1.0 is lacking CSRF check when updating it's settings, and is not sanitising its Message Content in them (even with the unfiltered_html disallowed). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress XSS Light Messages
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2021-24466 MEDIUM POC This Month

The Verse-O-Matic WordPress plugin through 4.1.1 does not have any CSRF checks in place, allowing attackers to make logged in administrators do unwanted actions, such as add/edit/delete arbitrary. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress XSS Verse O Matic
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2021-24411 MEDIUM POC This Month

The Social Tape WordPress plugin through 1.0 does not have CSRF checks in place when saving its settings, and do not sanitise or escape them before outputting them back in the page, leading to a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress XSS Social Tape
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2021-24410 MEDIUM POC This Month

The తెలుగు బైబిల్ వచనములు WordPress plugin through 1.0 is lacking any CSRF check when saving its settings and verses, and do not sanitise or escape them when outputting them back in the page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress XSS Telugu Bible Verse Daily
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2021-24362 MEDIUM POC This Month

The Photo Gallery by 10Web - Mobile-Friendly Image Gallery WordPress plugin before 1.5.75 did not ensure that uploaded SVG files added to a gallery do not contain malicious content. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Photo Gallery
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-37708 CRITICAL PATCH Act Now

Shopware is an open source eCommerce platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection Shopware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2021-24445 MEDIUM POC This Month

The My Site Audit WordPress plugin through 1.2.4 does not sanitise or escape the Audit Name field when creating an audit, allowing high privilege users to set JavaScript payloads in them, even when. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS My Site Audit
NVD WPScan
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-34641 MEDIUM POC This Month

The SEOPress WordPress plugin is vulnerable to Stored Cross-Site-Scripting via the processPut function found in the ~/src/Actions/Api/TitleDescriptionMeta.php file which allows authenticated. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Seopress
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-38752 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Online Catering Reservation System using PHP on Sourcecodester allows an attacker to arbitrarily inject code in the search bar. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Catering Reservation System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24548 MEDIUM POC This Month

The Mimetic Books WordPress plugin through 0.2.13 was vulnerable to Authenticated Stored Cross-Site Scripting (XSS) in the "Default Publisher ID" field on the plugin's settings page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Mimetic Books
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy